diff --git a/.gitignore b/.gitignore
index 940c403cd..6be4686a4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -17,3 +17,4 @@ naver*.html
 initests01/
 SIRsoft000/
 config.php
+pma/
diff --git a/adm/menu_list_update.php b/adm/menu_list_update.php
index f62ab4714..7c5e03141 100644
--- a/adm/menu_list_update.php
+++ b/adm/menu_list_update.php
@@ -26,6 +26,7 @@ for ($i=0; $i<$count; $i++)
 }
 $_POST['me_link'][$i] = is_array($_POST['me_link']) ? clean_xss_tags(clean_xss_attributes(preg_replace('/[ ]{2,}|[\t]/', '', $_POST['me_link'][$i]), 1)) : '';
+ $_POST['me_link'][$i] = html_purifier($_POST['me_link'][$i]);
 $code = is_array($_POST['code']) ? strip_tags($_POST['code'][$i]) : '';
 $me_name = is_array($_POST['me_name']) ? strip_tags($_POST['me_name'][$i]) : '';
diff --git a/adm/shop_admin/configform.php b/adm/shop_admin/configform.php
index 9cda6b00f..2cc89e2fd 100644
--- a/adm/shop_admin/configform.php
+++ b/adm/shop_admin/configform.php
@@ -625,7 +625,7 @@ if(!$default['de_kakaopay_cancelpwd']){
 KG이니시스 가상계좌 입금통보 URL
- KG이니시스 관리자 > 거래조회 > 가상계좌 > 입금통보방식선택 > URL 수신 설정에 넣으셔야 상점에 자동으로 입금 통보됩니다."); ?>
+ KG이니시스 관리자 > 거래내역 > 가상계좌 > 입금통보방식선택 > URL 수신 설정에 넣으셔야 상점에 자동으로 입금 통보됩니다."); ?>
 /settle_inicis_common.php
@@ -919,6 +919,7 @@ if(!$default['de_kakaopay_cancelpwd']){ +
@@ -982,6 +983,7 @@ if(!$default['de_kakaopay_cancelpwd']){ + 에스크로 사용
diff --git a/adm/shop_admin/configformupdate.php b/adm/shop_admin/configformupdate.php
index 3d31db95c..ae621cbf0 100644
--- a/adm/shop_admin/configformupdate.php
+++ b/adm/shop_admin/configformupdate.php
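Review bot: html_purifier() is applied to me_link as if it were an HTML fragment, but the context line above shows the field is a link, and purifying a bare string does not restrict its URL scheme, so a `javascript:`-style value presumably still passes if me_link is later placed in an href (where it is rendered is outside this hunk). The check that actually protects the rendering site is a scheme allowlist on the value, applied here or at output time, accepting only `http://`, `https://` and whatever site-relative forms the menu admin legitimately uses; the purifier pass can stay as defence in depth against stored markup. A short comment on the new line, `// purifier handles markup only; the URL scheme must be validated separately`, would keep a later reader from assuming the link is now safe for an href. The enclosing for loop continues past the hunk.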
@@ -427,17 +427,19 @@ $sql = " update {$g5['g5_shop_default_table']}
 de_kakaopay_enckey = '{$de_kakaopay_enckey}',
 de_kakaopay_hashkey = '{$de_kakaopay_hashkey}',
 de_kakaopay_cancelpwd = '{$de_kakaopay_cancelpwd}',
- de_naverpay_mid = '{$de_naverpay_mid}',
- de_naverpay_cert_key = '{$de_naverpay_cert_key}',
- de_naverpay_button_key = '{$de_naverpay_button_key}',
- de_naverpay_test = '{$de_naverpay_test}',
- de_naverpay_mb_id = '{$de_naverpay_mb_id}',
- de_naverpay_sendcost = '{$de_naverpay_sendcost}',
 de_member_reg_coupon_use = '{$de_member_reg_coupon_use}',
 de_member_reg_coupon_term = '{$de_member_reg_coupon_term}',
 de_member_reg_coupon_price = '{$de_member_reg_coupon_price}',
 de_member_reg_coupon_minimum = '{$de_member_reg_coupon_minimum}' ";
+if (defined('G5_SHOP_DIRECT_NAVERPAY') && G5_SHOP_DIRECT_NAVERPAY) {
+ $sql .= " ,de_naverpay_mid = '{$de_naverpay_mid}',
+ de_naverpay_cert_key = '{$de_naverpay_cert_key}',
+ de_naverpay_button_key = '{$de_naverpay_button_key}',
+ de_naverpay_test = '{$de_naverpay_test}',
+ de_naverpay_mb_id = '{$de_naverpay_mb_id}',
+ de_naverpay_sendcost = '{$de_naverpay_sendcost}' ";
+}
 sql_query($sql);
 // 환경설정 > 포인트 사용
diff --git a/adm/visit_delete.php b/adm/visit_delete.php
index 16390c3ee..24d4436df 100644
--- a/adm/visit_delete.php
+++ b/adm/visit_delete.php
@@ -13,6 +13,9 @@ $row = sql_fetch($sql);
 $min_year = (int)substr($row['min_date'], 0, 4);
 $now_year = (int)substr(G5_TIME_YMD, 0, 4);
+if (!$min_year) {
+ $min_year = $now_year;
+}
 ?>
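Review bot: The naverpay columns are now written only when G5_SHOP_DIRECT_NAVERPAY is defined and truthy, which means any de_naverpay_* credentials already stored in the row stay there untouched once the feature is switched off; if disabling is meant to retire the direct integration, that should either be stated next to the `if` or the stored keys cleared. A comment such as `// direct NaverPay settings are persisted only while G5_SHOP_DIRECT_NAVERPAY is on (shop.config.php); existing values are left as-is otherwise` makes the intent explicit. The appended fragment keeps building the UPDATE by interpolating the `$de_naverpay_*` values, so whatever escaping those variables receive before this hunk (not visible here) is the only thing protecting this branch as well.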
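Review bot: The new guard fixes the empty-table case where min_date is NULL and `(int)substr(...)` yields 0, but the context line above it still passes that NULL straight to substr(), which PHP 8.1 and later report as a deprecation on every request; casting first, `$min_year = (int)substr((string)$row['min_date'], 0, 4);`, removes the notice while keeping the fallback meaningful. A one-line comment on the `if`, `// no visit rows yet: start the year range at the current year`, would explain why now_year is the fallback.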
diff --git a/bbs/board_head.php b/bbs/board_head.php
index 96508e75d..2fb10c18c 100644
--- a/bbs/board_head.php
+++ b/bbs/board_head.php
@@ -7,7 +7,7 @@ if (G5_IS_MOBILE) {
 include_once(G5_BBS_PATH.'/_head.php');
 echo html_purifier(stripslashes($board['bo_mobile_content_head']));
 } else {
- if(is_include_path_check($board['bo_include_head'])) { //파일경로 체크
+ if($board['bo_include_head'] && is_include_path_check($board['bo_include_head'])) { //파일경로 체크
 @include ($board['bo_include_head']);
 } else { //파일경로가 올바르지 않으면 기본파일을 가져옴
 include_once(G5_BBS_PATH.'/_head.php');
diff --git a/bbs/board_tail.php b/bbs/board_tail.php
index 9358c1b3f..87385e9fe 100644
--- a/bbs/board_tail.php
+++ b/bbs/board_tail.php
@@ -8,7 +8,7 @@ if (G5_IS_MOBILE) {
 include_once(G5_BBS_PATH.'/_tail.php');
 } else {
 echo html_purifier(stripslashes($board['bo_content_tail']));
- if(is_include_path_check($board['bo_include_tail'])) { //파일경로 체크
+ if($board['bo_include_tail'] && is_include_path_check($board['bo_include_tail'])) { //파일경로 체크
 @include ($board['bo_include_tail']);
 } else { //파일경로가 올바르지 않으면 기본파일을 가져옴
 include_once(G5_BBS_PATH.'/_tail.php');
diff --git a/bbs/qawrite_update.php b/bbs/qawrite_update.php
index 08c614e07..bf74ef3c7 100644
--- a/bbs/qawrite_update.php
+++ b/bbs/qawrite_update.php
@@ -217,7 +217,7 @@ for ($i=1; $i<=$upload_count; $i++) {
 $upload[$i]['filesize'] = $filesize;
 // 아래의 문자열이 들어간 파일은 -x 를 붙여서 웹경로를 알더라도 실행을 하지 못하도록 함
- $filename = preg_replace("/\.(php|pht|phtm|htm|cgi|pl|exe|jsp|asp|inc)/i", "$0-x", $filename);
+ $filename = preg_replace("/\.(php|pht|phtm|htm|cgi|pl|exe|jsp|asp|inc|phar)/i", "$0-x", $filename);
 shuffle($chars_array);
 $shuffle = implode('', $chars_array);
diff --git a/bbs/write_comment_update.php b/bbs/write_comment_update.php
index 71e7c5c50..ed1984251 100644
--- a/bbs/write_comment_update.php
+++ b/bbs/write_comment_update.php
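Review bot: The new truthiness guard in board_head.php, and the identical one in board_tail.php, treats the string '0' like an empty setting and silently falls back to the default file, while is_include_path_check() is the function that should decide validity; `if($board['bo_include_head'] !== '' && is_include_path_check($board['bo_include_head']))` (with an isset() in front if the column can be NULL) expresses the intent exactly. More important, the `@include` on the next context line still hides every failure of the admin-configured include path: when the path passes the check but the file cannot be loaded, the else branch is not taken, so the page ends up with no head at all and nothing in the error log. Dropping the `@`, or testing is_file() first and falling through to the default, would make a broken bo_include_head visible instead of silently blank. The if/else these lines belong to opens before the hunk.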
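Review bot: The extension denylist in qawrite_update.php is duplicated byte-for-byte in write_update.php (the next hunk), and this commit has to patch both just to add `phar`; keeping the pattern in one shared constant or helper under lib/ that both upload paths call would stop the two lists from drifting apart on the next addition. Because the pattern is unanchored, `.php7`, `.phtml` and `.phps` are already neutralised through the `php`/`pht` prefixes, but a denylist still lags behind server configuration (`.shtml`, `.svg` and host-specific handler mappings are not covered), so the comment above the line should say that the durable control is serving the upload directory with script execution disabled and that this rename is defence in depth. The enclosing for loop continues outside the hunk.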
@@ -324,9 +324,7 @@ else if ($w == 'cu') // 댓글 수정
 if (!$is_admin) $sql_ip = " , wr_ip = '{$_SERVER['REMOTE_ADDR']}' ";
- $sql_secret = "";
- if ($wr_secret)
- $sql_secret = " , wr_option = '$wr_secret' ";
+ $sql_secret = " , wr_option = '$wr_secret' ";
 $sql = " update $write_table
 set wr_subject = '$wr_subject',
diff --git a/bbs/write_update.php b/bbs/write_update.php
index dbda388ef..f36c60add 100644
--- a/bbs/write_update.php
+++ b/bbs/write_update.php
@@ -561,7 +561,7 @@ if(isset($_FILES['bf_file']['name']) && is_array($_FILES['bf_file']['name'])) {
 $upload[$i]['filesize'] = $filesize;
 // 아래의 문자열이 들어간 파일은 -x 를 붙여서 웹경로를 알더라도 실행을 하지 못하도록 함
- $filename = preg_replace("/\.(php|pht|phtm|htm|cgi|pl|exe|jsp|asp|inc)/i", "$0-x", $filename);
+ $filename = preg_replace("/\.(php|pht|phtm|htm|cgi|pl|exe|jsp|asp|inc|phar)/i", "$0-x", $filename);
 shuffle($chars_array);
 $shuffle = implode('', $chars_array);
diff --git a/config.php b/config.php
index 760110999..bb9324a76 100644
--- a/config.php
+++ b/config.php
@@ -161,7 +161,7 @@ define('G5_SPACE', 32); // 공백
 define('G5_SPECIAL', 64); // 특수문자
 // SEO TITLE 문단 길이
-define('G5_SEO_TITEL_WORD_CUT', 8); // SEO TITLE 문단 길이
+define('G5_SEO_TITLE_WORD_CUT', 8); // SEO TITLE 문단 길이
 // 퍼미션
 define('G5_DIR_PERMISSION', 0755); // 디렉토리 생성시 퍼미션
diff --git a/install/install_db.php b/install/install_db.php
index 68a579ac8..6eab4b9fa 100644
--- a/install/install_db.php
+++ b/install/install_db.php
@@ -529,6 +529,13 @@ for ($i=0; $iDB설정 파일 생성 완료 () + Order allow,deny Deny from all
diff --git a/lib/common.lib.php b/lib/common.lib.php
index cab0a8510..1ab9fc1a6 100644
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@@ -3337,7 +3337,8 @@ function check_url_host($url, $msg='', $return_url=G5_URL, $is_redirect=false)
 if(!$msg) $msg = 'url에 타 도메인을 지정할 수 없습니다.';
- $p = @parse_url($url);
+ $url = urldecode($url);
+ $p = @parse_url(trim($url));
 $host = preg_replace('/:[0-9]+$/', '', $_SERVER['HTTP_HOST']);
 $is_host_check = false;
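Review bot: `$sql_secret` is now always interpolated into the UPDATE, so an edit with an empty `$wr_secret` overwrites wr_option with '' instead of leaving the stored value alone as the removed lines did; if an unchecked secret box is meant to clear the flag, that is the fix, but it deserves a comment, `// editing without the secret flag clears wr_option; previously the old value was kept`. Since the value now reaches the query unconditionally, the place where `$wr_secret` is derived (above the hunk) should normalise it to the one token the column expects, presumably `secret` or '', so the interpolation can never carry anything else. The enclosing else-if block continues past the hunk.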
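Review bot: The access-control directives added here, `Order allow,deny` and `Deny from all`, are Apache 2.2 syntax; on Apache 2.4 they only work when mod_access_compat is loaded, and without it the protected directory answers 500 instead of being denied, which is easy to mistake for a broken install. Emitting both forms, the 2.2 pair inside `<IfModule !mod_authz_core.c>` and `Require all denied` inside `<IfModule mod_authz_core.c>`, keeps the protection on either version. The hunk is garbled in this view, so where exactly the file is written cannot be confirmed from here.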
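Review bot: urldecode() runs once, so a value encoded twice still reaches parse_url() with its separators as `%2F`/`%40` and is only fully decoded by whatever consumes it after this check; if the decode is there to see the host the way the redirect target will, decode repeatedly until the string stops changing (a bounded loop of a few iterations) before parsing. Reassigning `$url` also means the rest of check_url_host, which continues outside the hunk, now works on the decoded string; if it returns or redirects to `$url`, an encoded `&`, `?` or `#` inside a query value becomes a structural character and changes the destination. Decoding into a separate variable for the host comparison, `$p = @parse_url(trim(urldecode($url)));`, keeps the checked value and the used value apart.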
diff --git a/lib/shop.lib.php b/lib/shop.lib.php
index ee1ff3c1f..353d94a59 100644
--- a/lib/shop.lib.php
+++ b/lib/shop.lib.php
@@ -2464,9 +2464,9 @@ function shop_is_taxsave($od, $is_view_receipt=false){
 if( $od['od_settle_case'] == '무통장' ){
 $od_pay_type = 'account';
 } else if ( $od['od_settle_case'] == '계좌이체' ) {
- $od_pay_type = 'vbank';
- } else if ( $od['od_settle_case'] == '가상계좌' ) {
 $od_pay_type = 'transfer';
+ } else if ( $od['od_settle_case'] == '가상계좌' ) {
+ $od_pay_type = 'vbank';
 }
 if( $od_pay_type ) {
diff --git a/lib/uri.lib.php b/lib/uri.lib.php
index 5561cd839..e1443ea8c 100644
--- a/lib/uri.lib.php
+++ b/lib/uri.lib.php
@@ -193,7 +193,7 @@ function correct_goto_url($url){
 return $url;
 }
-function generate_seo_title($string, $wordLimit=G5_SEO_TITEL_WORD_CUT){
+function generate_seo_title($string, $wordLimit=G5_SEO_TITLE_WORD_CUT){
 $separator = '-';
 if($wordLimit != 0){
diff --git a/mobile/shop/settle_inicis.inc.php b/mobile/shop/settle_inicis.inc.php
index b77f87151..503e165c7 100644
--- a/mobile/shop/settle_inicis.inc.php
+++ b/mobile/shop/settle_inicis.inc.php
@@ -54,6 +54,7 @@ $BANK_CODE = array(
 '88' => '신한은행',
 '89' => '케이뱅크',
 '90' => '카카오뱅크',
+ '92' => '토스뱅크',
 'D1' => '동양종합금융증권',
 'D2' => '현대증권',
 'D3' => '미래에셋증권',
diff --git a/shop.config.php b/shop.config.php
index bd219cdec..0b926680b 100644
--- a/shop.config.php
+++ b/shop.config.php
@@ -94,6 +94,10 @@ if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']=='on') {
 define('SHOP_TOSSPAYMENTS_CASHRECEIPT_TEST_JS', 'http://pgweb.tosspayments.com:7085/WEB_SERVER/js/receipt_link.js');
 }
+ // 네이버페이를 신용카드 결제창에서 지원하고 있으므로 네이버에 직접신청하는 결제 기능을 미사용(false:기본설정) 합니다. (kagla,211019)
+ // 네이버에서 직접신청 결제를 사용(true)하시는 경우 모든 문제를 직접 해결해 주셔야 합니다.
+ define('G5_SHOP_DIRECT_NAVERPAY', false); // false 미사용(기본설정), true 사용
+
 /*
 // 주문상태 상수
 define('G5_OD_STATUS_ORDER' , '입금확인중');
diff --git a/shop/inicis/libs/sha256.inc.php b/shop/inicis/libs/sha256.inc.php
index e39cd63da..72386947b 100644
--- a/shop/inicis/libs/sha256.inc.php
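Review bot: The three-way if/else chain maps od_settle_case labels to pay-type codes, and this commit had to swap two assignments to undo a transposition; a lookup table makes the mapping readable at a glance and cannot be transposed the same way: `$pay_types = array('무통장' => 'account', '계좌이체' => 'transfer', '가상계좌' => 'vbank');` followed by `$od_pay_type = isset($pay_types[$od['od_settle_case']]) ? $pay_types[$od['od_settle_case']] : '';`. The following `if( $od_pay_type )` reads the variable even when no label matched, so unless it is initialised before the hunk (not visible here) an unknown settle case produces an undefined-variable notice; the table form initialises it unconditionally. shop_is_taxsave continues outside the hunk.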
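Review bot: `define('G5_SHOP_DIRECT_NAVERPAY', false)` is an unconditional define in shop.config.php, so a site that wants the direct integration has to edit a core file the next upgrade overwrites, and setting the constant earlier in the site's own config (assuming that file is loaded first, as the names suggest) would trigger a redefinition notice here. Guarding it, `if (!defined('G5_SHOP_DIRECT_NAVERPAY')) define('G5_SHOP_DIRECT_NAVERPAY', false);`, lets the flag be overridden without touching this file and matches the `defined(...) &&` check that configformupdate.php already performs on it.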
+++ b/shop/inicis/libs/sha256.inc.php
@@ -73,7 +73,9 @@ if (!class_exists('nanoSha2'))
 var $platform; // Php 4 - 6 compatable constructor
- function nanoSha2($toUpper = false) {
+ // PHP Deprecated: Methods with the same name as their class will not be constructors in a future version of PHP
+ // function nanoSha2($toUpper = false) {
+ function __construct($toUpper = false) {
 // Determine if the caller wants upper case or not.
 $this->toUpper = is_bool($toUpper) ? $toUpper
diff --git a/shop/settle_inicis.inc.php b/shop/settle_inicis.inc.php
index e63a9ab4c..8e502166f 100644
--- a/shop/settle_inicis.inc.php
+++ b/shop/settle_inicis.inc.php
@@ -102,6 +102,7 @@ $BANK_CODE = array(
 '88' => '신한은행',
 '89' => '케이뱅크',
 '90' => '카카오뱅크',
+ '92' => '토스뱅크',
 'D1' => '동양종합금융증권',
 'D2' => '현대증권',
 'D3' => '미래에셋증권',
diff --git a/shop/settle_naverpay.inc.php b/shop/settle_naverpay.inc.php
index 3fc9dd8b0..93c4b501b 100644
--- a/shop/settle_naverpay.inc.php
+++ b/shop/settle_naverpay.inc.php
@@ -1,5 +1,6 @@
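Review bot: The old PHP 4 constructor signature is kept as a commented-out line under the deprecation note; commented-out code should go, and a single comment, `// __construct replaces the PHP 4-style nanoSha2() constructor, which current PHP no longer treats as a constructor`, says what a reader needs. The rename also removes the method name nanoSha2 entirely, so any explicit `$obj->nanoSha2()` or `parent::nanoSha2()` call elsewhere (not visible here) would now fail; if that compatibility matters, a thin `function nanoSha2($toUpper = false) { $this->__construct($toUpper); }` alongside keeps it. Since this class looks like a pure-PHP SHA-256 fallback, the built-in `hash('sha256', ...)`, available since PHP 5.1.2, is the safer and faster choice wherever the surrounding code chooses between the two. The class body continues outside the hunk.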